This update enhances support for Wi-Fi Protected Access 2 (WPA2) options in Wireless Group Policy. This update helps prevent a Windows wireless client from advertising the wireless networks in its preferred networks list.
Update information
The following file is available for download from the Microsoft Download Center:
Download the Wireless Client Update package now.
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
Important: If you install this update on a computer that is running Multilingual User Interface (MUI), the user interface changes to English. To resolve this problem, follow these steps:
- Download the update for the language that you want to use by clicking the link earlier in this section.
- Unpack the hotfix to a folder by using the /x command-line option. To do this, type the following command at a command prompt:
  WindowsXP-KB917021-v3-x86-LanguageCode.exe /x
  Note LanguageCode represents the letters in the file name that indicate the language.
- When you are prompted for a target folder, select the folder, and then click OK.
- In the SP2QFE folder in the target folder, copy the Sprunnnn.dll file to the %systemroot%\System32\Mui\nnnn folder.
Note nnnn is a code that indicates the language. This code is the same in the Sprunnnn.dll file and in the %systemroot%\System32\Mui\nnnn folder.
- Rename the Sprunnnn.dll file as Xpsp3res.dll.
- Repeat these steps for any other language that you use on the computer.
Prerequisites
To install this update, you must have Windows XP Service Pack 2 (SP2) installed.
Restart requirement
You may be prompted to restart the computer after you install this update.
Update replacement information
This update replaces hotfix 893357.
You do not have to install the WPA2 Information Element Update on computers that have Windows XP Service Pack 2 and the Wireless Client Update installed.
For more information about the WPA2 Information Element update, click the following article number to view the article in the Microsoft Knowledge Base:
File information
The English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
|File name||File version||File size||Date||Time||Platform||SP requirement|
WPA2 support in wireless Group Policy settings
A computer that has the WPA2/WPS IE Update installed lets users manually configure options for WPA2 authentication and encryption. However, until the Wireless Client Update is installed, network administrators cannot centrally configure WPA2 options by using the Wireless Network (IEEE 802.11) Policies node of Computer Configuration Group Policy. Computers that have Windows XP Service Pack 2 and the Wireless Client Update installed can apply these configuration options when they configure the computers by using Computer Configuration Group Policy.
To configure WPA2 authentication settings for wireless clients that are running Windows XP with SP2, the client computers must be members of a Windows Server 2003 Active Directory domain. The clients must also have the Wireless Client Update for Windows XP with Service Pack 2 installed. The WPA2 authentication settings must be configured from the Group Policy Object Editor snap-in on a computer that is running Windows Vista or Windows Server Code Name "Longhorn." For an example configuration in a test lab, see the Windows Vista Wireless Networking Evaluation Guide. To obtain this guide, visit the following Microsoft Web site:
Changes for nonbroadcast networks
In Windows XP with Service Pack 2, Wireless Auto Configuration tries to match preferred wireless networks to wireless networks that broadcast their network name. If no network matches a preferred wireless network, Wireless Auto Configuration sends probe requests to determine whether the preferred networks are nonbroadcast networks. In this manner, a Windows XP wireless client advertises its list of preferred wireless networks. An observer may monitor these probe requests and configure a wireless network by using a name that matches a preferred wireless network. If the wireless network is not secured, this network could enable unauthorized connections to the computer.
The Wireless Client Update lets you configure wireless networks as broadcast networks or as nonbroadcast networks. Additionally, Wireless Auto Configuration sends probe requests only for nonbroadcast networks.
When you configure wireless networks in Windows XP, you can specify a wireless network as nonbroadcast by using the Association tab in the properties dialog box of the wireless network. To define a wireless network as nonbroadcast, select Connect even if the network is not broadcasting under Network Name (SSID). On a computer that is running Windows Vista or that is running Microsoft Windows Server Code Name "Longhorn," you can also specify a wireless network as nonbroadcast by using the Wireless Network (IEEE 802.11) Policies node of Computer Configuration Group Policy.
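An added example (not from the original article or from Microsoft) of how an administrator could check the behavior described above in a monitor capture of their own clients: it parses 802.11 probe requests and reports clients that name SSIDs other than the networks configured as nonbroadcast. It assumes each frame begins at the 802.11 MAC header; the MAC addresses, SSIDs and helper names are constructed for illustration.

```python
import struct
from collections import defaultdict

PROBE_REQUEST_FC0 = 0x40  # frame control byte 0: type 0 (management), subtype 4
HEADER_LEN = 24           # management MAC header length

def build_probe(src_mac: bytes, ssid: bytes) -> bytes:
    """Construct a sample probe request (test input only, not a capture)."""
    header = struct.pack("<BBH6s6s6sH", PROBE_REQUEST_FC0, 0, 0,
                         b"\xff" * 6, src_mac, b"\xff" * 6, 0)
    return header + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"

def probed_ssid(frame: bytes):
    """Return (client_mac, ssid) for a probe request, else None.
    An empty ssid is a wildcard probe that names no network."""
    if len(frame) < HEADER_LEN or frame[0] != PROBE_REQUEST_FC0:
        return None
    mac = ":".join(f"{b:02x}" for b in frame[10:16])   # address 2 = sender
    pos = HEADER_LEN
    while pos + 2 <= len(frame):            # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:             # truncated element: give up
            return None
        if tag == 0:                        # SSID element
            return mac, value.decode("utf-8", "replace")
        pos += 2 + length
    return None

def audit(frames, nonbroadcast):
    """Map client MAC -> SSIDs it named that are not configured nonbroadcast."""
    leaks = defaultdict(set)
    for frame in frames:
        parsed = probed_ssid(frame)
        if parsed and parsed[1] and parsed[1] not in nonbroadcast:
            leaks[parsed[0]].add(parsed[1])
    return {mac: sorted(ssids) for mac, ssids in leaks.items()}

# Constructed sample: OLD behaves like a client without the update,
# NEW probes only with the wildcard SSID and for the nonbroadcast network.
OLD, NEW = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [build_probe(OLD, b"HomeNet"), build_probe(OLD, b"CoffeeShop"),
          build_probe(OLD, b"CorpHidden"), build_probe(NEW, b""),
          build_probe(NEW, b"CorpHidden")]

if __name__ == "__main__":
    print(audit(SAMPLE, nonbroadcast={"CorpHidden"}))
```

A client that appears in the result is still naming preferred networks in its probe requests, which points to a missing update or to a network wrongly marked as nonbroadcast.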
Changes in parking behavior
On a computer that is running Windows XP with Service Pack 2, Wireless Auto Configuration may create a random wireless network name and put the wireless network adapter in infrastructure mode. This operation is known as parking the wireless network adapter. In this situation, the wireless adapter is not connected to any wireless network. However, the wireless adapter continues to scan for preferred wireless networks every 60 seconds.
Some wireless network adapter drivers may interpret this parking operation as a request to connect to a wireless network. Therefore, these drivers may send probe requests in search of a network that has the random name. Because the parking operation passes no security configuration to the driver, the random wireless network might be an open system-authenticated wireless network that uses no encryption. An observer could monitor these probe requests and establish a connection with a parked Windows XP wireless client.
On a computer that has the Wireless Client Update installed, the request to park the wireless network adapter includes a security configuration that uses a random encryption key. This security configuration uses the most secure encryption method that the wireless network adapter supports. If the wireless network adapter supports WPA2, the security configuration uses Advanced Encryption Standard (AES) encryption together with a 128-bit encryption key. If the wireless network adapter supports WPA but does not support WPA2, the security configuration uses Temporal Key Integrity Protocol (TKIP) encryption together with a 128-bit encryption key. If the wireless network adapter supports Wired Equivalent Privacy (WEP) but does not support WPA2 or WPA, the security configuration uses WEP encryption together with a 128-bit encryption key.
Changes for ad hoc networks
On a computer that does not have the Wireless Client Update installed, Wireless Auto Configuration automatically tries to connect to all the wireless networks in the preferred networks list that have previously been connected to. If no infrastructure mode networks are present, Wireless Auto Configuration sends probe requests to try to connect to the first ad hoc wireless network in the preferred networks list. An observer could monitor these probe requests and establish an unsecured connection with a Windows wireless client.
On a computer that has the Wireless Client Update installed, Wireless Auto Configuration does not send probe requests to connect to newly created ad hoc wireless networks in the preferred networks list. Because many ad hoc wireless networks are created for temporary wireless connectivity, you must use the Choose a Wireless Network dialog box to manually initiate a connection to an ad hoc mode wireless network.
For more information about the terms that are used to describe software updates, click the following article number to view the article in the Microsoft Knowledge Base: